If you need to send me an API key, AWS IAM credentials, username/password combination, or other data that you want to ensure remains secure, you can encrypt it for me, and only me, using public key cryptography. This is more secure than using a password.
To do this, you will need to install gpg.
You can do this using your system’s package manager (e.g.
brew install gnupg,
apt-get install gnupg,
yum install gnupg,
apk add gnupg). If you’re using Windows, you can download a “binary release” from here: https://gnupg.org/download/
Once it’s installed, you’ll need to import my public key into your system to encrypt data for me. First, you’ll need my public key.
You can download it from two locations:
For convenience, here’s the shell command:
curl https://adrianhesketh.com/a-h.gpg -o a-h.gpg
To ensure you’ve got the right one, check the SHA256 hash:
# Unix shasum -a 256 a-h.gpg
# Windows Powershell Get-FileHash -Path a-h.gpg
You should see the output:
Next, import my public key into your GPG setup.
gpg --import a-h.gpg
You should see an import complete message. You’re now able to encrypt data for me. Let’s say that you want to encrypt ‘credentials.csv’.
gpg --encrypt --recipient firstname.lastname@example.org credentials.csv
You’ll be prompted to make sure that you’ve downloaded the right key and that you’ve checked the hashes. If you’re sure, enter Y to encrypt.
It is NOT certain that the key belongs to the person named in the user ID. If you *really* know what you are doing, you may answer the next question with yes.
The encrypted data will now be at
credentials.csv.gpg. You can then send me the
.gpg file safely via email, Slack or another communication mechanism - just be careful to send the file that ends with
.gpg, not the unencrypted data.